On Tue Apr 11, 2000 at 0034, [EMAIL PROTECTED] wrote: > > -----BEGIN CERTIFICATE----- > MIICDTCCAXYCAQkwDQYJKoZIhvcNAQEEBQAwgZsxCzAJBgNVBAYTAlVTMRMwEQYD > VQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpTYW50YSBSb3NhMSIwIAYDVQQKExlT > U0kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRgwFgYDVQQDEw9QZXRlciBTY2hsb3Nz > ZXIxJDAiBgkqhkiG9w0BCQEWFVN1cHBvcnRAU0lHTkFUVVJFLk5FVDAeFw0wMDA0 > MTEwNzIwMTBaFw0wMTA0MTEwNzIwMTBaMALNzTCBnzANBgkqhkiG9w0BAQEFAAOB > jQAwgYkCgYEAwuAWQkvAbKZkdCxCR4QhWZFhIZ46+hbMleIDHMXnapu9v7zgVCd7 > KeNz0FAkRriE90mWtGEFmueXX78xf8YKRKYrsGlDfAfd7HNgNKAPKNNrsgEgMil+ > pc34hp/KbAH+PP+qdpOjm8IUKdZ9U1BbWqDLyNk/2sJx/rrLDKap1k0CAwEAATAN > BgkqhkiG9w0BAQQFAAOBgQCsR48veykuydnYLkPyJAsvUL8ReGAClsFiTzHr/i6O > 8BLZHVk28r6RHTUvFzGgqSxkKf8EVP/lxDrIRvZs3nSUv4YStFVFnhHrDeP1Ulu8 > wRZeY+9jcVuoECRmG6AEx/dKCnFH2RGqg5+9Me6Pb375yIzFVJZWNbZ/CVGhQLiW > Bg== > -----END CERTIFICATE----- The certificate above is not encoded properly; the subject DN is partially missing. Where the subject should be, there is the start of a SEQUENCE (i.e., 30), but the length is encoded as 02 CD CD (~52k and much longer than the certificate). My ca.conf file has the following entries to control the generation of the CSR. Suspect lack of some of these options is resulting in a CSR with an empty subject DN which is then being improperly encoded by openssl (an empty sequence should be encoded as 30 01 00). This may be your problem. If you're using V1 certs, this may need some modification. -scott -----BEGIN EXCERPT----- [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes default_md = sha1 x509_extensions = v3_ca [ req_distinguished_name ] countryName = Country Name (2 letter code) organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name emailAddress = Email Address [ req_attributes ] challengePassword = A challenge password [ v3_user ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:true -----END EXCERPT----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
